Ticker feed
Microsoft rushed out emergency security updates on January 26, 2026, to fix CVE-2026-21509, a zero-day vulnerability in Microsoft Office that hackers are actively exploiting. The flaw lets attackers bypass Office security protections by tricking users into opening malicious files through phishing emails.
Rated "Important" with a CVSS severity score of 7.8, the vulnerability affects multiple Office versions, including 2016, 2019, 2021, and Microsoft 365. Office 2021 and newer versions are protected automatically after a restart, while older versions need manual updates or registry modifications.
This marks the second actively exploited zero-day patched this month. Organizations should prioritize installing these updates immediately and watch for suspicious Office attachments, as threat actors commonly use this attack method for ransomware and advanced persistent threat campaigns.
Source: Cybersecurity News
Under Armour is investigating a data breach that occurred late last year, affecting 72 million customer email addresses according to cybersecurity site Have I Been Pwned. The stolen data included emails, names, genders, birthdates, and ZIP codes, but no passwords or financial information appears compromised.
The Baltimore-based clothing retailer maintains that its main website and payment systems weren't affected. Cybersecurity expert Troy Hunt agrees with Under Armour's assessment but expressed surprise at the company's lack of official disclosure given the breach's scale and timing. Under Armour called any claims about sensitive personal information being compromised "unfounded."
Source: CBS News Baltimore
Cybercriminals launched automated attacks against FortiGate firewall devices starting January 15, 2026, exploiting critical authentication bypass vulnerabilities disclosed by Fortinet in December 2025. The attackers use malicious SAML messages to bypass SSO login, then quickly steal configuration data and create persistent admin accounts within seconds.
Arctic Wolf detected the highly automated campaign targeting CVE-2025-59718 and CVE-2025-59719, which affect FortiOS, FortiWeb, and other Fortinet products. Attackers primarily use the account cloud-init@mail.io and create backup accounts like "secadmin" and "itadmin" to maintain access.
Fortinet users should immediately disable FortiCloud SSO, reset all credentials, and restrict management interfaces to trusted networks while monitoring for suspicious activity.
Source: Cyber Security News
CISA added a critical Zimbra Collaboration Suite vulnerability to its Known Exploited Vulnerabilities catalog Thursday, urging federal agencies to patch immediately. The flaw (CVE-2025-68645) allows attackers to access sensitive files without authentication by exploiting the webmail interface's RestFilter servlet.
Threat actors are already using this vulnerability in sophisticated, targeted campaigns according to CrowdSec researchers. The bug can expose internal system information and enable further attacks when combined with other weaknesses.
Zimbra released patches in November 2025 for versions 10.1.13 and 10.0.18. Federal agencies have three weeks to fix this and three other newly identified exploited vulnerabilities under government security directives.
Source: Security Week
Kensington and Chelsea Council suffered a major cyber attack that potentially compromised personal data of hundreds of thousands of residents. The west London authority warned households that criminals could use the stolen information to make scams appear legitimate.
The council detected and contained the breach quickly, but hackers accessed sensitive data including housing records and social care information. Council leader Elizabeth Campbell called it a "serious" incident, prompting immediate warnings to residents about potential fraud attempts.
Three councils - Kensington and Chelsea, Westminster, and Hammersmith and Fulham - are working with the National Cyber Security Centre to investigate. It could take months to fully assess what data was compromised, with priority given to checking files belonging to vulnerable individuals.
Source: BBC News
Nike is investigating a potential cybersecurity breach after the WorldLeaks hacking group claimed to have stolen company data and threatened to release it publicly. The cybercriminals listed Nike as a victim on their dark web site on January 22, setting a January 24 deadline for data release unless ransom demands are met.
WorldLeaks emerged in 2025 after the shutdown of the Hunters International ransomware group, shifting focus from file encryption to pure data theft and extortion. The gang has targeted nearly 120 organizations, including Dell earlier this year.
Nike hasn't disclosed what type or amount of data was allegedly compromised. The incident follows a similar breach at Under Armour, highlighting ongoing cybersecurity challenges facing major retailers.
Source: SecurityWeek
Cisco rushed to patch a critical zero-day vulnerability in its Unified Communications Manager after discovering attackers were already exploiting it. The flaw, CVE-2026-20045, affects products used by 30 million people for voice, video, and collaboration services.
Attackers can exploit the vulnerability by sending crafted HTTP requests to gain user-level access, then escalate to root privileges for complete system control. The vulnerability scored 8.2 on the CVSS scale but received Cisco's highest "critical" rating due to the potential for full system compromise.
CISA added the flaw to its Known Exploited Vulnerabilities catalog, and security researchers detected signs of mass scanning for vulnerable systems. This continues a troubling pattern of Cisco products being targeted by threat actors, particularly Chinese state-sponsored groups.
Source: Dark Reading
Under Armour is investigating a data breach that compromised 72 million customer email addresses, along with names, genders, birthdates, and ZIP codes. The breach reportedly occurred late last year, according to cybersecurity site Have I Been Pwned.
The Baltimore-based clothing retailer says there's no evidence hackers accessed passwords or financial information from UA.com or payment systems. Have I Been Pwned CEO Troy Hunt agrees with Under Armour's assessment but expressed surprise at the company's lack of an official disclosure statement given the breach's scale and timing.
Source: Security Week
North Korean hackers are using a clever new trick to break into South Korean systems by exploiting Microsoft Visual Studio Code's legitimate tunneling feature. Darktrace researchers discovered the spear-phishing campaign targeting South Koreans with fake government emails about graduate school programs.
The malicious documents, disguised as official files, secretly install VS Code and create a tunnel called "bizeugene" that gives attackers full remote access. This method bypasses traditional security measures since it uses trusted Microsoft infrastructure instead of suspicious command-and-control servers.
The attack represents a shift toward "living-off-the-land" tactics, where hackers abuse legitimate tools rather than custom malware, making detection extremely difficult for security teams.
Source: Dark Reading
Generative AI is transforming cybercrime, with fraud expected to surpass ransomware as the biggest digital threat in 2026, according to the World Economic Forum. Nearly 73% of CEOs surveyed said they or their networks were hit by cyber-enabled fraud in 2025.
The shift reflects AI's ability to create more convincing scams. Criminals can now clone voices, localize messages instantly, and launch sophisticated impersonation attacks that are harder to detect. Consumer losses hit $12.5 billion in 2024, up 25% from the previous year.
Experts recommend slowing down when receiving urgent requests, verifying contacts independently, and never sharing personal information through unsolicited messages. Traditional red flags are disappearing as AI makes scams increasingly realistic.
Source: CNET